Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

Feb 08, 2023Ravie LakshmananThreat Intelligence / Cyber War

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos.

The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with the agency describing the activity as likely motivated by espionage given the toolset employed.

The bogus emails that kick-start the infection sequence claim to be from Ukrainian telecom company Ukrtelecom and come bearing a decoy RAR archive. Of the two files present in the file, one is a password-protected RAR archive that’s over 600MB and the other is a text file containing the password to open the RAR file.

Embedded within the second RAR archive is an executable that leads to the installation of the Remcos remote access software, granting the attacker full access to commandeer compromised computers.

Remcos, short for remote control and surveillance software, is offered by Breaking Security either for free or as a premium version that costs anywhere between €58 and €945.

The Italian company calls it a “lightweight, fast and highly customizable Remote Administration Tool with a wide array of functionalities.”

The latest CERT-UA advisory comes as the State Cyber Protection Centre (SCPC) of Ukraine pointed fingers at a Russian state-sponsored threat actor known as Gamaredon for its targeted assaults aimed at public authorities and critical information infrastructure.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related News

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

The primary targets of this phishing campaign are located in the Ukrainian regions of Crimea, Donetsk, and Lugansk, which were…
CyberSecure Announces Strategic Alliance

CyberSecure Announces Strategic Alliance

BETHESDA, Md., March 24, 2023 /PRNewswire/ — Cybersecure IPS and LockDown Inc. jointly announce that they have entered a strategic alliance to…
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own…